Attack and defense mechanisms of malicious EPC event injection in EPC discovery service - Citegraph

Paper Info

Title
Attack and defense mechanisms of malicious EPC event injection in EPC discovery service

Abstract
A supply chain usually involves collaboration among multi-national companies and it is well-known that information sharing is a critical success factor in supply chain management. Electronic Product Code Discovery Service (EPCDS) is a newly proposed concept which allows supply chain companies to search for their unknown partners globally and share information efficiently. As EPCDS contains critical business information about partnership relationship and product movement, access control systems are integrated into EPCDS for privacy protection. Although currently proposed access control systems include authentication and authorization of supply chain companies, they do not consider authentication of business information published by the companies. This vulnerability enables malicious EPC event injection attack, where forged business information are registered to EPCDS by malicious parties. With such exploitation, adversaries can impersonate as legitimate supply chain partners, bypass the access control systems of EPCDS and get access to previously unauthorized information. To the best of our knowledge, our paper is the first to discover the possibility of such attack in EPCDS. Our paper discusses threat model and different types of adversaries for the attack. We then present general defense mechanisms and define the security requirements of preventive measures. We also propose a new prevention mechanism, where pseudo-random numbers are generated by EPC tags and serves as authentication tokens for registering EPC events. Moreover, our paper analyzes how existing solutions, such as tailing, can be modified to detect malicious EPC event injection in EPCDS.

Year	DOI	Venue
2013	10.1109/RFID-TA.2013.6694532	RFID-TA
Keywords	Field	DocType
business information authentication,preventive measures,attack mechanism,access control systems,random number generation,authentication tokens,supply chains,supply chain companies,malicious epc event injection,partnership relationship,electronic product code discovery service,product movement,authorisation,epcds,defense mechanism,pseudorandom numbers,business data processing,message authentication,security requirements,business information authorization,information sharing	Authentication,Message authentication code,Threat model,Computer security,Supply chain management,Supply chain,Access control,Engineering,Information sharing,Electronic Product Code	Conference
ISBN	Citations	PageRank
978-1-4799-2114-0	3	0.38
References	Authors
14	3

Authors (3 rows)

Cited by (3 rows)

References (14 rows)

Name	Order	Citations	PageRank
Su Mon Kywe	1	106	6.36
Yingjiu Li	2	1298	92.14
Jie Shi	3	13	1.58

1